Press Release

Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests

MOUNTAIN VIEW, Calif. – Sept. 19, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines.

“The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years,” said Dean Gonsowski, eDiscovery Counsel at Symantec. “With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It’s critical for the two departments to work together to develop and implement an effective information retention policy.”

Click to Tweet: Do you know the most commonly requested documents for an eDiscovery request? If you said email, you’re wrong.

Email Does Not Equal eDiscovery

When asked what types of documents are most commonly part of an eDiscovery request, respondents selected files and documents (67 percent), and database or application data (61 percent) ahead of email (58 percent). As evidence of just how many sources companies must be prepared to produce information from, more than half indicated SharePoint files (51 percent), and nearly half cited instant messages and text messages (44 percent) and social media (41 percent).

Better Practices Drive Dramatically Better Outcomes

The survey found wide variations in information retention practices among enterprises. Companies that employ best practices, such as automating the placement of legal holds and leveraging an archiving tool instead of relying on backups, fare dramatically better when it comes to responding to an eDiscovery request. These top- tier companies are 81 percent more likely to have a formal retention plan in place; 63 percent more likely to automate legal holds; and 50 percent more likely to use a formal archiving tool.

Implementing these best practices translates to a 64 percent faster response time with a 2.3 times higher success rate when responding to an eDiscovery request. Consequently, these top-tier companies are significantly less likely to suffer negative consequences than companies that do not have a formal information retention policy in place. Top-tier companies are:

78 percent less likely to be sanctioned by the courts

47 percent less likely to lead to compromised legal position

20 percent less likely to have fines levied

45 percent less likely to disclose too much information leading to compromised litigation position

Despite Risks, Organizations Still Not Prepared

Despite the risks, the survey found nearly half of respondents do not have an information retention plan in place. Thirty percent are only discussing how to do so, and 14 percent have no plan to do so. When asked why, respondents indicated lack of need (41 percent); too costly (38 percent); nobody has been chartered with that responsibility (27 percent); don’t have time (26 percent); and lack of expertise (21 percent) are top reasons

Recommendations

Create and implement a records and information management (RIM) program. Get started with a formal plan as soon as possible, and then refine it accordingly to address specific laws and regulations governing the retention and availability of information. Without a formal plan it is difficult to know when – and what – to delete, which drives over-retention and creates additional risk.

Periodically delete electronically stored information (ESI) according to your RIM program. Most organizations (79 percent) believe that a proper information retention plan should allow them to delete information. Yet, 20 percent of organizations still retain archived data forever. This means that a large percentage of organizations are not correctly deploying the archive to minimize data through expiry and by implementing document retention policies. Delete according to your information retention plan to reduce storage, litigation exposure and eDiscovery costs.

Use backup for recovery, archiving for discovery. The survey found approximately 40 percent of organizations keep data on their backup tapes infinitely and use those backup tapes for their legal hold process. This exposes them to the costly and dangerous proposition of restoration in the event of litigation. Backup is intended for recovery purposes, and 30-60days is the longest data should be backed up. Files should then be automatically archived or deleted. Using backup only for disaster recovery enables an organization to delete older backup sets within months instead of years.

Deploy advanced legal hold processes and solutions to minimize the risk of non-compliance. The preservation step of the litigation process is fraught with risks due to the potential of spoliation sanctions, which are often levied after the loss or inadvertent deletion of ESI. The safest strategy is to deploy next generation legal hold applications to better communicate the importance of a given legal hold notice, track acknowledgement and periodically issue reminders to affected custodians. Leveraging software here is particularly critical since legal holds can encompass thousands of custodians and span many years, both of which stress manual solutions.

Conduct litigation readiness exercises to determine exposure areas and formulate a prioritized remediation plan. It is critical for organizations to assess their current state of preparedness to determine how well they can safely and efficiently respond to an eDiscovery request or governmental inquiry. By taking a long term approach and leveraging industry best practices (along the EDRM spectrum), companies are in a much better position to withstand challenges to their internal processes and avoid negative consequences. For example, top-tier companies in the survey were 78percent less likely to be sanctioned by the courts and 47percent less likely to have their legal position unnecessarily compromised.

Prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems. eDiscovery is no longer primarily limited to email. Identify where all electronically stored information resides company-wide so that these sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular auditable environment.

Symantec’s 2011 Information Retention and eDiscovery Survey

Applied Research fielded this survey by telephone in June and July of 2011. We spoke to 2,000 Enterprises from 28 countries. The organizations, which included a large range of industries, were enterprises with 1,000 employees or more. Respondents consisted of both a representative from IT management and a representative from Legal. By including both we were able to get a holistic picture of information retention and eDiscovery issues in the organization. Globally, this survey has a reliability of 95 percent confidence with +/- 2.2 percent margin of error.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.co.uk.

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/en/uk/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.